Quick question:
I have IPS enabled and configured for pretty much every option on my ASG (latest version - 7.303 is it? Or 203? I dunno…). Anyway... When I perform a port scan on my firewall from the web, it logs the scanning activity and all… I also get an email that I was port scanned. Great! But… Should IPS not be detecting this as well as blocking the activity (not just reporting it)?
I'm thinking along the lines that I don't ever need to port scan myself or be port scanned (unless there is a legitimate reason one would want to be able to be port scanned…? I dunno… Just thinking out loud on that…). I know it's common and all, but if I can make ASG blacklist the IP attempting to port scan me - that's ultimately what I am after, I think. For example, if 210.10.10.10 scans for a period of 20 seconds or longer, blacklist the IP. Or is the nature of a port scan (SYN scan?) not possible to just drop and ignore and not give any clues to the deviant miscreant scanning me?
Does that make sense? Is that possible via ASG or would I have to look at a different IPS solution?
Thanks for any input!
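
The rule asked for above (blacklist a source once it has been scanning for 20 seconds or longer), written out as detection logic over firewall drop records. This is an added example, not part of the original post and not ASG functionality. The log line format, the function names and the `min_ports` and `max_gap` thresholds are assumptions made for the illustration.

```python
import re

# Constructed log format for this example (not the ASG's own log syntax):
#   <epoch-seconds> DROP SRC=<ip> DPT=<port>
LINE = re.compile(r"^(\d+) DROP SRC=(\d{1,3}(?:\.\d{1,3}){3}) DPT=(\d{1,5})$")

def find_scanners(lines, min_duration=20, min_ports=10, max_gap=5):
    """Return the sorted source IPs to blacklist (input must be time-ordered).

    A source is flagged when one uninterrupted run of dropped packets
    (no pause longer than max_gap seconds) lasts at least min_duration
    seconds and touches at least min_ports distinct destination ports.
    """
    runs = {}        # src -> [run_start, last_seen, set_of_ports]
    flagged = set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a drop record
        ts, src, port = int(m.group(1)), m.group(2), int(m.group(3))
        run = runs.get(src)
        if run is None or ts - run[1] > max_gap:
            run = runs[src] = [ts, ts, set()]  # start a new run
        run[1] = ts
        run[2].add(port)
        if ts - run[0] >= min_duration and len(run[2]) >= min_ports:
            flagged.add(src)
    return sorted(flagged)

def sample_log():
    """Constructed sample data, sorted by timestamp."""
    lines = []
    # 210.10.10.10 (the address used in the post): a new port every second for 25 s
    lines += [f"{1000 + i} DROP SRC=210.10.10.10 DPT={20 + i}" for i in range(25)]
    # A client retrying one blocked port for 30 s: long, but only one port
    lines += [f"{1000 + i} DROP SRC=198.51.100.7 DPT=445" for i in range(0, 31, 2)]
    # 12 ports within 3 s: many ports, but under the duration threshold
    lines += [f"{1010 + i // 4} DROP SRC=203.0.113.5 DPT={8000 + i}" for i in range(12)]
    lines.append("1012 ACCEPT SRC=192.0.2.1 DPT=80")  # not a drop record
    return sorted(lines, key=lambda l: int(l.split()[0]))

if __name__ == "__main__":
    print(find_scanners(sample_log()))
```

The distinct-port condition is there so that a host retrying a single closed port for a long time is not blacklisted as a scanner.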